Anubis Malware Masks Itself In Fake Google Apps

As hackers keep ‘improvising’ their strategies, new malware and Trojans built to take over your devices continue to appear. Last month, we reported on the banking Trojan ‘MysteryBot’. Now we report on another piece of malware that steals your financial information: Anubis, which enters your smartphone through fake Google apps.

Anubis Malware Taking Over Smartphones

A team of IBM security researchers discovered several fake apps on Google Play Store that deploy Anubis malware to your smartphones. The researchers have explained their discovery in a blog post.

“The team recently reported that downloader apps in the store are being used as the first step in an infection routine that fetches the Marcher (aka Marcher ExoBot) and BankBot Anubis mobile banking Trojans.”

This BankBot Trojan enters your phone as you click on an apparently legit app. The malware then conveys your login details, credit card information, and other financial data to the hackers.

According to the researchers, at least 10 malicious downloader apps are already available on the Play Store.

“While the number of downloaders may seem modest, each of those apps can fetch more than 1,000 samples from the criminal’s command-and-control (C&C) servers.”

For now, the downloader apps supposedly target Turkish users. However, Anubis itself is not limited to Turkey; it also affects users in 30 more countries. These include the US, Australia, Canada, France, India, New Zealand, Germany, and the UK.

Anubis Takes Control Of Your Device With “Your Permission”

As explained by X-Force, the Anubis malware masks itself as an apparently legit app. Once you download one of the malicious downloader apps, the downloader fetches the malware app ‘Google Play Protect’. Like any other legit app, it asks your permission to access various features of your phone.

Explaining this behavior, the researchers wrote:

“BankBot Anubis uses Android’s Accessibility services to perform keylogging as a way to obtain the infected user’s credentials when he or she accesses a targeted mobile banking app… By keylogging the user’s login information, the attacker can steal credentials from any app while avoiding the need to create custom overlays for each target.”

For now, the malware appears to be targeting Android users only. Therefore, Android users must remain careful before downloading any app, regardless of how legit it appears.
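Because the keylogging described above depends on the user enabling an Accessibility service, a defender can audit which services are switched on. The following is an added example, not code from the researchers or the original post: it parses the colon-separated list returned by `adb shell settings get secure enabled_accessibility_services` and flags entries whose label uses Google branding from a non-Google package. The sample package names, labels and the `com.google.` prefix heuristic are constructed assumptions.

```python
# Added example: audit enabled Android accessibility services.
# Input: the colon-separated component list printed by
#   adb shell settings get secure enabled_accessibility_services
TRUSTED_PREFIX = "com.google."  # assumption: heuristic only, tune per fleet


def parse_enabled_services(raw):
    """Return [(package, class_name)] from the flattened component list."""
    raw = (raw or "").strip()
    if raw in ("", "null"):          # setting unset or empty
        return []
    services = []
    for entry in raw.split(":"):
        pkg, sep, cls = entry.strip().partition("/")
        if not sep or not pkg or not cls:
            continue                 # malformed entry, skip it
        if cls.startswith("."):      # shorthand: class relative to package
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def audit(raw, labels, allowlist=()):
    """Flag services needing review; labels maps package -> app label."""
    findings = []
    for pkg, cls in parse_enabled_services(raw):
        if pkg in allowlist or pkg.startswith(TRUSTED_PREFIX):
            continue
        if "google" in labels.get(pkg, "").lower():
            findings.append((pkg, cls, "HIGH", "Google-branded label, non-Google package"))
        else:
            findings.append((pkg, cls, "REVIEW", "third-party accessibility service"))
    return findings


# Constructed sample data (hypothetical packages, not real indicators).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.updater/.CoreService:"
                  "com.example.reader/com.example.reader.ReadAloudService")
SAMPLE_LABELS = {
    "com.google.android.marvin.talkback": "TalkBack",
    "com.example.updater": "Google Play Protect",
    "com.example.reader": "Screen Reader Plus",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_LABELS):
        print(" | ".join(finding))
```

A `REVIEW` result is not a verdict: legitimate password managers and screen readers also register accessibility services, so the allowlist should hold the ones your users actually rely on.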
